我是C#的新手。
请告诉我这段代码有什么问题。我使用两个输入字段EndValueTextBox和StartValueTextBox在数据库中插入数据。
我收到以下错误消息。 “对象引用未设置为对象的实例”
// Click handler from the question: builds an INSERT statement from the two
// text boxes and tries to run it through a SqlDataAdapter.
private void buttonSave_Click(object sender, EventArgs e)
{
// connection and da are not declared in this method; presumably they are fields of the form.
connection = new System.Data.SqlClient.SqlConnection();
// The parameterless constructor creates an adapter with no InsertCommand assigned.
da = new SqlDataAdapter();
try
{
connection.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename='G:\\C#.Net\\Forms Practice\\WindowsFormsPractice1\\WindowsFormsPractice1\\WindowsFormsPractice1.mdf';Integrated Security=True;Connect Timeout=30;User Instance=True";
}
catch (System.Exception ex)
{
MessageBox.Show(ex.Message,"Connection String");
}
try
{
// NOTE(review): the connection is opened here but never closed or disposed in this method.
connection.Open();
// SECURITY: both text box values are concatenated directly into the SQL text, so a
// quote character typed into either field changes the statement itself (SQL injection).
// The values should be passed as @parameters instead.
// The literal also lacks the closing ' after the last_name value, so the statement is
// malformed even for ordinary input.
string sql = "insert into TBLWORKERS (first_name , last_name )" + " values('" + StartValueTextBox.Text + "', '" + EndValueTextBox.Text + ")";
//SqlDataAdapter da = new SqlDataAdapter(query, connString);
// da.InsertCommand was never assigned, so it is still null at this point; dereferencing it
// is what raises "Object reference not set to an instance of an object".
da.InsertCommand.CommandText = sql;
da.InsertCommand.ExecuteNonQuery();
}
catch (System.Exception ex)
{
// The caption says "Connection open", but this handler also catches failures from the
// two InsertCommand lines above.
MessageBox.Show(ex.Message, "Connection open");
}
}
答案 0 :(得分:2)
您的SqlDataAdapter
从未被分配用于执行查询的连接。您需要在构造时或构造之后将SqlConnection
与SqlDataAdapter
相关联。
答案 1 :(得分:1)
这一行da.InsertCommand.CommandText = sql;
必须是这样的:
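// Create the command (InsertCommand is null until assigned) and bind it to the open
// connection; a SqlCommand without a Connection cannot be executed.
// NOTE(review): sql is still built by concatenating the text box values; pass them as
// @parameters on this command rather than embedding them in the statement text.
da.InsertCommand = new SqlCommand(sql, connection);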
答案 2 :(得分:0)
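// Connection string from the question: SQL Server Express user instance attaching the
// project's .mdf file, using Windows authentication.
string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename='G:\\C#.Net\\Forms Practice\\WindowsFormsPractice1\\WindowsFormsPractice1\\WindowsFormsPractice1.mdf';Integrated Security=True;Connect Timeout=30;User Instance=True";

// The statement text is constant; user input travels only as parameter values, so a quote
// typed into a text box can no longer alter the SQL (and the unbalanced quote of the
// concatenated version is gone).
string sql = "insert into TBLWORKERS (first_name, last_name) values (@first_name, @last_name)";

try
{
    // using disposes the connection, adapter and command even when an exception is thrown.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlDataAdapter adapter = new SqlDataAdapter())
    using (SqlCommand insert = new SqlCommand(sql, connection))
    {
        insert.Parameters.AddWithValue("@first_name", StartValueTextBox.Text);
        insert.Parameters.AddWithValue("@last_name", EndValueTextBox.Text);

        // The adapter starts with a null InsertCommand; assign a command that is already
        // bound to the connection before using it.
        adapter.InsertCommand = insert;

        connection.Open();
        adapter.InsertCommand.ExecuteNonQuery();
    }
}
catch (Exception ex)
{
    MessageBox.Show(ex.Message);
}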
答案 3 :(得分:0)
您是在什么时候遇到异常的？可能是在下面这几行：
// Both statements only construct objects. The parameterless SqlDataAdapter() constructor
// does not create an InsertCommand, so da.InsertCommand stays null until one is assigned.
System.Data.SqlClient.SqlConnection connection = new System.Data.SqlClient.SqlConnection();
SqlDataAdapter da = new SqlDataAdapter();
答案 4 :(得分:0)
这是对您的代码(未经测试)的一个小改写,它应该能解决SqlDataAdapter没有分配连接对象的问题
,并演示如何使用参数化查询来帮助抵御SQL注入攻击:
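/// <summary>
/// Inserts the two text box values into TBLWORKERS using a parameterized INSERT.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
private void buttonSave_Click(object sender, EventArgs e)
{
    const string connectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename='G:\\C#.Net\\Forms Practice\\WindowsFormsPractice1\\WindowsFormsPractice1\\WindowsFormsPractice1.mdf';Integrated Security=True;Connect Timeout=30;User Instance=True";

    // The statement text never contains user input; values are supplied separately as
    // parameters, which is what protects against SQL injection.
    const string sql = "INSERT INTO TBLWORKERS(first_name, last_name) VALUES(@first_name, @last_name)";

    try
    {
        // The using blocks dispose the connection, command and adapter when the block is
        // exited, including when an exception is thrown.
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand insert = new SqlCommand(sql, connection))
        using (SqlDataAdapter da = new SqlDataAdapter())
        {
            // SqlDataAdapter has no Connection property and its InsertCommand is null until
            // assigned, so the connection is attached through the command.
            da.InsertCommand = insert;

            // The four-argument Add overload takes a source COLUMN name as its last argument,
            // not a value, so the values are set through .Value instead.
            // 25 is the column length assumed by this answer; match it to the actual
            // TBLWORKERS column definitions.
            insert.Parameters.Add("@first_name", SqlDbType.NVarChar, 25).Value = StartValueTextBox.Text;
            insert.Parameters.Add("@last_name", SqlDbType.NVarChar, 25).Value = EndValueTextBox.Text;

            connection.Open();

            // ExecuteNonQuery returns the number of rows affected (1 for a successful insert).
            da.InsertCommand.ExecuteNonQuery();
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message, "Connection open");
    }
}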